netbuzz writes: "Educause members and 7,000 university websites are being forced to change account passwords after a security breach involving the organization’s.edu domain server. However, some initially hesitated to comply because the Educause notification email bore tell-tale markings of a phishing attempt. “Given what is known about phishing and user behavior, this was bad form,” says Gene Spafford, a Purdue University computer science professor and security expert. “For an education-oriented organization to do this is particularly troubling.”"